SSH Client Proxy Sessions
Now it's time to make your Administrators, Developers and Contractors happy too.
- Open your local SSH client (we will use PuTTY in our example but most other SSH clients function similarly) and create a new session
- In the Host Name field, enter the hostname of your PAM server (for example: xtam.company.com)
- In the Port field, enter the port number you assigned in the PAM configuration from the previous section (default port in PAM is 2022)
- For the Connection Type, select SSH.
- Save the session and then Open the SSH connection
- When PuTTY prompts for a login as account, enter a user string as described below:
- Press your Enter key
- An Authentication Banner is now displayed to show that the session is being provided via the PAM Secure Shell Proxy
- At the Password prompt, enter the password for your PAM login
- Press your Enter key to complete the authentication process
- After a few moments, you will be connected to the remote SSH endpoint using the secured connection details in the referenced PAM record.
- To confirm that the session is being provided via PAM, you can navigate to the Session tab of this record and note that there is now an Active session using this record. You can also execute commands in the PuTTY session and see them appear in the PAM event log.
If you do not know the record ID or Name, you can access the PAM SSH Proxy Interface to display and select from a list of available records for connection. You can access this Proxy Interface simply by not specifying a record ID or Name. For additional information, please read the PAM SSH Proxy Interface article.
The user string takes the form YourXTAMLoginName#XTAMrecordName or YourXTAMLoginName#XTAMrecordID
For example, if your login to PAM was the username bwilliams and the PAM record that contains the SSH details has the name Unix Production Server and ID 41603, then the login string would be bwilliams#Unix Production Server or bwilliams#41603
When using the record Name to define the connection string, the record Name must be unique in PAM. If the name is not unique, the connection will fail and you should use its record ID instead.
A # (hash), % (percent) or : (colon) character may be used as a separator between the login and recordID values.
The record’s ID can be found in the URL when viewing the record’s Details (https://xtam.company.com/xtam/records/record_view/41603/type)
If you are using MFA, please enter your MFA token at the prompt to continue.
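The same connection made from an OpenSSH command prompt, as an added example that is not part of the original page or the product's own tooling. The function names pam_login and pam_ssh are hypothetical, and sending the bare login name when no record is given is an assumption based on the Proxy Interface note above.

```shell
#!/bin/sh
# Added example: compose the PAM SSH proxy login string described above and
# pass it to the OpenSSH client. Host, port, login and record values are the
# page's own examples; the function names are hypothetical.

PAM_HOST="xtam.company.com"   # PAM server hostname (page's example)
PAM_PORT="2022"               # PAM SSH proxy port (page's default)

# pam_login LOGIN [RECORD] [SEP] -> prints LOGIN<SEP>RECORD
# RECORD is a record ID or a unique record Name; SEP is one of # % :
pam_login() {
    login=${1:-}
    record=${2:-}
    sep=${3:-'#'}
    [ -n "$login" ] || { echo "login name required" >&2; return 1; }
    case $sep in
        '#'|'%'|':') ;;
        *) echo "separator must be #, % or :" >&2; return 1 ;;
    esac
    # Helper's own precaution (assumption): a separator character inside the
    # login name would make the split point ambiguous, so refuse it.
    case $login in
        *'#'*|*'%'*|*':'*) echo "login contains a separator" >&2; return 1 ;;
    esac
    # Assumption: with no record given, the bare login name is sent, which
    # the page says opens the PAM SSH Proxy Interface record list.
    if [ -z "$record" ]; then
        printf '%s\n' "$login"
    else
        printf '%s%s%s\n' "$login" "$sep" "$record"
    fi
}

# pam_ssh LOGIN [RECORD] [SEP] -> opens the session through the proxy.
# -l passes the whole string as the login name, so a record Name containing
# spaces survives intact as long as it stays quoted.
pam_ssh() {
    user=$(pam_login "$@") || return 1
    ssh -p "$PAM_PORT" -l "$user" "$PAM_HOST"
}

# Usage (not run here):
#   pam_ssh bwilliams 41603
#   pam_ssh bwilliams "Unix Production Server" %
```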
Example using Command or Terminal Prompt
Example using SecureCRT
Example using WinSCP